By ByteBot
A Google staff information security engineer used his company’s internal analytics to win $1.2 million on a prediction market — then got hit with federal insider trading charges. Michele Spagnuolo, 36, was arrested in New York on May 27 and charged with commodities fraud, wire fraud, and money laundering. The uncomfortable detail: the internal Google tool he exploited was available to all employees.
The Scheme: Knowing the Answer Before the Test
Polymarket runs prediction markets on real-world outcomes — who wins elections, which teams advance, who tops Google’s Year in Search. Each contract resolves at $1 if correct, $0 if wrong. The price of a contract reflects the crowd’s probability estimate. When Spagnuolo started placing his bets in October 2025, the market assigned rapper D4vd near-zero odds of being Google’s most-searched person of the year.
Spagnuolo had already looked it up internally. He placed his bets under the alias “AlphaRaccoon,” wagering a total of $2.7 million across 25 contracts on Google’s Year in Search 2025 results. When Google published the official rankings on December 4, 2025, D4vd was indeed at the top. AlphaRaccoon collected $1.2 million. His other bets, prosecutors allege, included wagering roughly $1 million that Bianca Censori would not be the most-searched person and $600,000 that Pope Leo XIV would not take the top spot. In each case, he reportedly knew the answer before the market did. The Year in Search prediction market on Polymarket had $57.1 million in total trading volume across 28 possible outcomes.
Why Google Engineer Insider Trading on Polymarket Is a Federal Crime
This is not a stock market case. No securities changed hands. However, it is still insider trading under federal law — just under a different agency’s jurisdiction.
Polymarket operates as a Designated Contract Market regulated by the Commodity Futures Trading Commission. That puts it squarely under CFTC Rule 180.1, which extends the misappropriation theory of insider trading to commodity and event contracts. The theory is straightforward: if you access material nonpublic information in a position of trust — say, as a Google employee — and trade on it for personal gain, you have breached a duty to your employer and committed fraud. The CFTC issued an advisory explicitly warning that these prohibitions apply to prediction markets on February 25, 2026. This case is the second federal prosecution under that framework in 2026, following charges against a U.S. Army service member who used classified intelligence to bet on Maduro-related Polymarket contracts.
As of this writing, Spagnuolo faces up to 50 years in prison if convicted on all counts. He was released on a $2.25 million bond. U.S. Attorney Jay Clayton stated: “Insider trading compromises the integrity of our markets, and the American people want this greed-driven conduct investigated and prosecuted.”
The Real Problem: Too Much Access to the Wrong Data
Google’s statement is worth reading carefully: “The employee accessed our marketing material using a tool available to all employees.” That is not a defense. That is the problem.
A tool available to all employees that contains pre-release information capable of determining the outcome of a liquid financial market is an access control failure waiting to happen. Spagnuolo did not need to break into a restricted system. He used a legitimate employee resource for an illegitimate purpose — and walked away, for a while, with $1.2 million. This is the scenario that security teams have long theorized about but rarely treated as a compliance priority: the broadly-available internal analytics dashboard that quietly carries material nonpublic information risk because prediction markets now exist for the data it contains. As Polymarket and its competitors expand into more outcome categories, the universe of internal data that can fuel insider trading grows with them. Law firms are already urging companies to update their insider trading policies to explicitly cover event contracts and prediction markets — because most corporate policies never anticipated this category of financial instrument.
What Changes From Here
The enforcement signal is clear. The CFTC is actively drafting formal prediction market rules in 2026. The Southern District of New York has charged two people in less than two months for exactly this conduct. Meanwhile, ByteIota previously covered how DuckDuckGo saw a 30% surge in users as trust in Google’s data practices continues to erode publicly — this case will not help.
For developers and engineers at companies with access to market-sensitive internal data — search trends, sales figures, pre-release metrics, clinical trial results — the Spagnuolo case is a reminder that the list of places where that information cannot legally be traded has grown. It is no longer just the stock market. Moreover, the CFTC’s misappropriation theory does not require that you hacked your way to the data. Legitimate employee access, used outside the scope of employment, is enough.
As for Spagnuolo, a 12-year Google veteran whose job was protecting data: sometimes the most relevant threat actor is already inside with valid credentials.
